Principal Security Engineer

Candid Health
San Francisco, Denver, CO
$240,000 - $310,000

About The Position

The Role

You will be the foundational technical pillar for security at Candid Health. As our first Principal Security Engineer, you won't just be managing a compliance checklist—you will architect, build, and scale the technical systems that protect our customers and their patients. Operating as a high-influence individual contributor, you will partner directly with Engineering and Product leadership to ensure we ship features rapidly while maintaining an ironclad promise of data integrity. This is a role for a heavy-hitting technical leader who wants to set the security blueprint for a fast-growing health-tech platform.

Requirements

  • 10+ years of experience in security engineering, with a proven track record of architecting secure systems across complex technical surface areas in both startup and scaled enterprise environments.
  • You have driven security outcomes at scale. You know how to balance pragmatism with bulletproof defense-in-depth, and you excel at navigating the technical trade-offs required in a fast-moving engineering organization.
  • You possess a deep, native understanding of sensitive, highly regulated datasets and the unique, high-stakes challenges of handling protected critical information.
  • You know how to code, architect, and influence. You are equally comfortable writing secure infrastructure-as-code, threat-modeling a distributed system, or standing in front of an enterprise customer's CISO to defend Candid's security posture.

Responsibilities

  • Architect and Guide the Security Landscape: Serve as the ultimate technical authority for security at Candid. While you won’t be managing HR lines, you will set the technical bar, mentor engineers, and help scale a world-class security engineering culture.
  • Design the Enterprise-Grade Roadmap: Lead the technical transition from a foundational security posture to a best-in-class, resilient enterprise architecture capable of defending complex healthcare data workflows.
  • Drive Strategy at the Leadership Level: Act as the subject matter expert who translates complex technical risks into business priorities. You will partner with executive leadership to stack-rank risks and embed security directly into Candid’s overarching business strategy.
  • Bake Trust & Compliance into the Architecture: Translate rigorous frameworks like HIPAA, SOC2, SOC1, PCI, and HITRUST into concrete engineering requirements. You will ensure compliance is a living, automated process built into our code and infra, and you'll regularly serve as the expert technical voice in the room with our largest enterprise customers.
  • Evangelize a "Secure-by-Design" Culture: Level up our 200+ employees. Through threat modeling, secure coding practices, and cross-functional collaboration, you will embed a security-first mindset across every team from engineering to legal.
  • Own Vulnerability & Vendor Deep Dives: Oversee third-party penetration testing, dissect vendor architectures before integration, and ensure our production environments undergo continuous automated and manual scrutiny.

Benefits

  • equity